cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1721
Views
0
Helpful
5
Replies

C892FSP-K9 VPN? - SOLVED

adelium904
Level 1
Level 1

Hello,

I bought a few weeks ago two C892FSP-K9.

When I bought it, I said it was to link 2 to 3 sites all together throught VPN site-to-Site. Those devices can have up to 50 VPN tunnel. I am not shure yet how to implement the ipsec tunnel vpn capability, but I am not sure that I have all the settings available.

Here is what I mean and the result of the "crypto ?" command:

(config)#crypto ?
  key                 Long term key operations
  pki                  Public Key components
  provisioning  Secure Device Provisioning
  wui                 Crypto HTTP configuration interfaces

In this list of available commande, I do not have

isakmp

In all the exemple I found in Internet to make a tunnel, they use isakmp. So if it is not avalable, How can I do?

By the way, do I have to do, activate something somewhere to have access to isakmp?

 

Thanks?

5 Replies 5

johnlloyd_13
Level 9
Level 9

Hi,

Nowadays, Cisco sells a separate security license (PAK) for ISR G2 routers. 

Try to issue a 'show version' to see if there's a permanent security license installed. If it says none (under security), then you'll have to order.

Hi,

Thanks for the answer.

Show vertion gives me this.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

Cisco C892FSP-K9 (revision 1.0) with 488524K/35763K bytes of memory.
Processor board ID FCZ1803C202
10 Gigabit Ethernet interfaces
DRAM configuration is 32 bits wide
255K bytes of non-volatile configuration memory.
250880K bytes of ATA System CompactFlash (Read/Write)


License Info:

License UDI:

-------------------------------------------------
Device#      PID            SN
-------------------------------------------------
*0        C892FSP-K9            ************    
          


License Information for 'c800'
    License Level: advipservices_npe   Type: Permanent
    Next reboot license Level: advipservices_npe

It should be Here?

 

Thanks

Hi,

You'll see it under UDI info and right before the config-register.

It look something like this:

 

Technology Package License Information for Module:'c2900'

-----------------------------------------------------------------
Technology    Technology-package           Technology-package
              Current       Type           Next reboot 
------------------------------------------------------------------
ipbase        ipbasek9      Permanent      ipbasek9
security      None          None           None  
uc            uck9          Permanent      uck9
data          None          None           None

Configuration register is 0x2102

 

i recently installed a security license key on one of our 2911 to establish an IPsec VPN tunnel.

hope this link might help:

http://wannabelab.blogspot.com/2014/04/using-cisco-router-as-tftp-server.html

 

 

Hi,

I have contacted my reseler who tells me that the VPN for 50 tunnels comes with the device.

Look at the attached picture.

 

I have look in many different website an see that to do a vpn site to site link, I need this command "isakmp".

Is there another way to do it with either:

key                 Long term key operations
pki                  Public Key components
provisioning  Secure Device Provisioning
wui                 Crypto HTTP configuration interfaces

 

Thanks for the answer.

 

Vandman

Hi,

I have found the solution. It seems that my devices were shiped with this IOS:

c800-universalk9_npe-mz.SPA.153-2.T.bin

I did not have the equivalent of advsecurity feature in it.

So Someone from Cisco send me this IOS:

c800-universalk9-mz.SPA.152-4.M6.bin

And all came back to normal... Now I have this:

(config)#crypto ?

  batch         Crypto Batch Processing
  call          Configure Crypto Call Admission Control
  ctcp          Configure cTCP encapsulation
  dynamic-map   Specify a dynamic crypto map template
  engine        Enter a crypto engine configurable menu
  gdoi          Configure GDOI policy
  identity      Enter a crypto identity list
  ikev2         Configure IKEv2 Options
  ipsec         Configure IPSEC policy
  isakmp        Configure ISAKMP policy
  key           Long term key operations
  keyring       Key ring commands
  logging       logging messages
  map           Enter a crypto map
  mib           Configure Crypto-related MIB Parameters
  pki           Public Key components
  provisioning  Secure Device Provisioning
  vpn           Configure crypto vpn commands
  wui           Crypto HTTP configuration interfaces
  xauth         X-Auth parameters

 

 

Thanks For those who tried to help me.

 

Vandman

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: